package com.kele.shiro.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * Demo controller for the {@code /order} endpoints that shows two ways of enforcing
 * Apache Shiro authorization: a programmatic role check ({@link #manage()}) and
 * declarative annotations ({@link #save()}).
 *
 * <p>NOTE(review): Shiro's annotations are enforced only when its annotation/AOP support
 * is active for this bean. That configuration is not visible in this file. Confirm it is
 * wired up, otherwise {@code @RequiresRoles} and {@code @RequiresPermissions} are not checked.
 */
@Controller
@RequestMapping("/order")
public class ManageController {

	/**
	 * Role-based access decision made in code.
	 *
	 * <p>Looks up the current Shiro {@link Subject} and asks whether it holds the
	 * {@code manage} role.
	 *
	 * @return a redirect to {@code /order.html} when the subject has the role,
	 *         otherwise a redirect to {@code /error.html}
	 */
	@RequestMapping("/manage")
	public String manage(){
		// Console trace: "entered method".
		System.out.println("进入方法");

		// The subject is resolved per call, so the decision reflects the caller's current session.
		final Subject currentUser = SecurityUtils.getSubject();
		final boolean holdsManageRole = currentUser.hasRole("manage");

		// Denied path first. The denial is only printed to stdout ("no permission to access!").
		// NOTE(review): consider an audit-log entry for denied attempts.
		if (!holdsManageRole) {
			System.out.println("无权访问!");
			return "redirect:/error.html";
		}

		// Authorized path. Prints "save order!", but this method does not persist anything.
		System.out.println("保存订单!");
		return "redirect:/order.html";
	}

	/**
	 * Annotation-based access control.
	 *
	 * <p>{@code @RequiresRoles} with several values uses Shiro's default {@code Logical.AND},
	 * so the caller must hold BOTH the {@code manage} and {@code user} roles.
	 * {@code @RequiresPermissions} additionally demands the wildcard permission string
	 * {@code order:save:*}. When a check fails, Shiro throws an authorization exception
	 * instead of invoking the method.
	 *
	 * <p>NOTE(review): the mapping does not restrict the HTTP method. If this endpoint ever
	 * performs a real save, restrict it to POST and confirm CSRF protection is in place.
	 *
	 * @return a redirect to {@code /order.html}
	 */
	@RequiresRoles(value = {"manage", "user"}) // role check: both roles are required
	@RequiresPermissions("order:save:*") // permission-string check
	@RequestMapping("save")
	public String save(){
		// Console trace: "entered method". Reached only after the annotation checks passed.
		System.out.println("进入方法");
		return "redirect:/order.html";
	}

}
